[TriLUG] cracked shared hosting: what to do?

Kevin Hunter Kesling hunteke at earlham.edu
Wed Apr 17 19:22:39 EDT 2013


At 7:09pm -0400 Wed, 17 Apr 2013, Scott Miller wrote:
> If the compromise and attacker used a php shell on that same shared
> hosting server (on any adjacent site), they can then make changes to
> files or anything they want and nothing is logged.
>
> Check out any of these php shells:
>
> http://www.securityaegis.com/web-shells-for-all/
>
> With these you can upload files, change files, execute code, change
> file timestamps, all transparent and not logged anywhere by logs.
> (Will not put anything in apache logs)

No kidding.  I had not run across these before.  I wonder if this -- or 
automated equivalent -- is what is/was happening.  Thanks for the pointer!

> It all depends on how secure or insecure dreamhost shared hosting is
> as to how much one could change via this method.

Heh, as alluded to by John, I imagine it's the latter.  John's right, 
but I have to convince my boss of that.  For now, that's all he wrote.

Cheers and thanks,

Kevin



More information about the TriLUG mailing list